There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the programflow and obtaining a shell remotely.
New rsync packages are available to fix a security problem.
Here's the information from the Slackware 8.0 ChangeLog:
Fri Jan 25 14:25:51 PST 2002
patches/packages/rsync.tgz: Fixed a security hole by upgrading to
rsync-2.4.8pre1. This is the relevant information from the rsync NEWS file:
SECURITY FIXES:
* Signedness security patch from Sebastian Krahmer
<krahmer@suse.de> -- in some cases we were not sufficiently
careful about reading integers from the network.
(* Security fix *)
We recommend that sites providing external rsync access upgrade to the fixed
rsync package as soon as possible.
WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated rsync package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/rsync.tgz
Updated rsync package for Slackware 7.1:
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/rsync.tgz
MD5 SIGNATURE:
--------------
Here are the md5sums for the packages:
Slackware 8.0:
1e87ef764968bc9da53e38eadf8a7d22 rsync.tgz
Slackware 7.1:
294079e04b18dafddee820468aad3a16 rsync.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
Simply upgrade as root:
# upgradepkg rsync.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the programflow and obtaining a shell remotely.